[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN107493300A - Network security protection system - Google Patents

Network security protection system Download PDF

Info

Publication number
CN107493300A
CN107493300A CN201710854314.1A CN201710854314A CN107493300A CN 107493300 A CN107493300 A CN 107493300A CN 201710854314 A CN201710854314 A CN 201710854314A CN 107493300 A CN107493300 A CN 107493300A
Authority
CN
China
Prior art keywords
module
network
address
attack
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710854314.1A
Other languages
Chinese (zh)
Inventor
王方伟
王长广
张运凯
赵冬梅
黄文艳
郭宏刚
侯卫红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hebei Normal University
Original Assignee
Hebei Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hebei Normal University filed Critical Hebei Normal University
Priority to CN201710854314.1A priority Critical patent/CN107493300A/en
Publication of CN107493300A publication Critical patent/CN107493300A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of network security protection system, including security authentication module, wireless invasive protection module, ARP protection modules, timing polling module, viral analog module, virus characteristic matching module, flow statistical module, network security assessment module, escape truck module, data isolation shift module and abnormal behaviour evaluation module.The present invention realizes the real-time monitoring and audit to network traffics, maintains the kilter of network;By the analysis and memory to unknown intrusion behavior, network immunocompetence is improved;Damaging range can be effectively controlled after invasion, the normal offer guaranteed a network connections and serviced, realizes the real-time recording monitoring of main frame operation operation data, further ensures the safety of system.

Description

Network security protection system
Technical field
The present invention relates to computer network field, and in particular to a kind of network security protection system.
Background technology
With developing rapidly for computer technology and Internet, and the frequent hair of network information security event in recent years Raw, Network Information Security Problem gradually penetrates into industry-by-industry field, turns into focus of concern.In order to prevent safety in advance The generation of event, avoid losing, the network information security, which is assessed, turns into the key link for understanding internet security energy.Information security wind Danger is assessed, and is exactly point to information system and network the threat carry out system of possessed fragility and systems face in itself Analysis, the possibility and security incident that security incident occurs once occur issuable influence and are predicted, finally obtain whole The safe class of individual information system, i.e. safe condition, in this, as the reference of measure with high safety, reduced using safety measure crisp Weak property, risk is reduced to acceptable degree, so as to the safety of guarantee information system.
The content of the invention
It is an object of the invention to provide a kind of network security protection system, realizes the real-time monitoring to network traffics with examining Meter, maintain the kilter of network;By the analysis and memory to unknown intrusion behavior, network immunocompetence is improved;Entering Damaging range can be effectively controlled after invading, the normal offer guaranteed a network connections and serviced, realizes main frame operation operation data Real-time recording monitors, and further ensures the safety of system.
To achieve the above object, the technical scheme taken of the present invention is:
Network security protection system, including
Security authentication module, including Dynamic Host Configuration Protocol server, MAC address authentication module and portal authentication modules, the MAC Location authentication module and the portal authentication modules realized by IMC servers,
Wireless invasive protection module, by constantly monitoring the stream for being up to radio reception device AP or wireless controller AC Measure to detect extensive aggression, when the message of same type exceeds the upper limit, it is believed that wireless network interrupts just by extensive aggression The accessing wirelessly of relevant device;
ARP protection modules, for protecting the ARP of Wireless Communication Equipment to attack, if receiving same source MAC or same The ARP messages of IP address exceed certain threshold value, then it is assumed that attack be present, this MAC Address or IP address are added into attack inspection Survey in list item;
Timing polling module, for auditing at a fixed time and monitor into net flow, propose abnormal flow treatment advice, and it is right It, which is guided, is redirected to viral analog module, while carries out commenting for Network health according to the data real-time monitored Sentence, and evaluation result is sent to host display and Network Abnormal evaluation module;
Viral analog module, for special using analog service and the main-machine communication for producing abnormal flow, extracting attack fingerprint Sign, enrich virus characteristic storehouse;
Virus characteristic matching module, it is special with virus for calculating the virus characteristic fingerprint of monitored main-machine communication packet Zheng Kunei virus characteristic is compared, and comparing result is sent into host display and shown;
Flow statistical module, traffic statistics are carried out using raw data packets header information, with external each of main frame Individual connection carries out traffic statistics for unit, and hash function computing is participated in by extracting communicating pair IP and port numbers characteristic information, The algorithm to be doubled with step-length solves hash-collision, and the accumulative stream connected belonging to the message length field value renewal in packet header Amount;
Network security assessment module, for carrying out network security feelings by the polymorphic response to network anomaly assessment model of foundation The assessment of condition, and assessment result is sent to escape truck module, data isolation shift module;
Escape truck module, the user of main frame is captured for prompting, working environment is adjourned into escape truck and worked on, Need not interruption of work processing safety problem;
Data isolation shift module, for the assessment result drawn according to Network Abnormal evaluation module, data are beaten Bag transfer;
Abnormal behaviour evaluation module, for carrying out the operation information of each program in main frame by way of script recording, in real time The running status of current hosts is monitored, and is completed according to default algorithm to the assessment for the running state information recorded, will be commented Estimate result and be sent to the mobile terminal specified.
Preferably, the MAC address authentication system includes
User authentication module, MAC certifications or Portal are carried out to radio reception device based on the identity characteristic information of user Certification;
MAC Address acquisition module, for obtaining the MAC Address of certified radio reception device;
IP address binding module, for the MAC Address of authenticated user entities to be bound with IP address, and store to address Memory module;
Portal authentication modules, for being authenticated to temporary visitor and distributing temporary ip address.
Preferably, the wireless invasive protection module bag comprises at least two Internet exportations, and one of them is used for interim The transmission of the data of IP address, others are used for the transmission of the data of binding IP address.
Preferably, the assessment system also includes a transparent fireproof wall, for analyzing and extracting scanning feature and prevent outer net Scanning.
Preferably, the transparent fireproof wall includes entrance network interface card, exports network interface card and be arranged at the entrance network interface card with going out Control network interface card between mouth network interface card, bridge is formed between entrance network interface card and outlet network interface card, intranet and extranet transparent communication is realized, is controlling IP address is configured on network interface card, for realizing network manager's Remote Visit and Control fire wall and fire wall by including warning information Net Web server carries out log recording.
Preferably, the viral analog module includes
Virtual responder module, by providing virtual response and providing corresponding Virtual Service, opponent is set to continue attack to obtain Obtain attack traffic;
Analog service module, by performing analog service script, the main frame of immune isolation unit is redirected to flow Interact, simulate the interaction of normal service, make threat main frame continue to attack;
Attack is put on record module, record security isolation module and with the communication information threatened between main frame and writes data Storehouse, the communication information include call duration time, the IP of communicating pair and port information and attacker's operation system fingerprint information;
Data-mining module, if the flow for assert arrival immune isolation unit is dangerous flow, system intelligent extraction is attacked Hit fingerprint characteristic and the feature is stored in immune characteristic storehouse.
Preferably, the assessment system also includes a rogue AP detection module, using the wireless access for being arranged to monitoring pattern Equipment, for the equipment in real time scan WLAN, all Dot11 frames are monitored, once noting abnormalities, then interrupt relevant device Accessing wirelessly.
Preferably, the abnormal behaviour evaluation module is deployed on the main frame in the form of static jar bags.
The invention has the advantages that:
The real-time monitoring and audit to network traffics are realized, maintains the kilter of network;By to unknown invasion The analysis and memory of behavior, improve network immunocompetence;Damaging range can be effectively controlled after invasion, kimonos of guaranteeing a network connections The normal offer of business;Abnormal behaviour evaluation module realizes the real-time recording monitoring of main frame operation operation data, with static jar bags Form be deployed in monitoring object, zero consumption to test server resource can be realized, improve monitoring resource result Accuracy.
Brief description of the drawings
Fig. 1 is the structural representation of network security protection system of the embodiment of the present invention.
Embodiment
In order that objects and advantages of the present invention are more clearly understood, the present invention is carried out with reference to embodiments further Describe in detail.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not used to limit this hair It is bright.
As shown in figure 1, the embodiments of the invention provide network security protection system, including
Security authentication module, including Dynamic Host Configuration Protocol server, MAC address authentication module and portal authentication modules, the MAC Location authentication module and the portal authentication modules realized by IMC servers,
Wireless invasive protection module, by constantly monitoring the stream for being up to radio reception device AP or wireless controller AC Measure to detect extensive aggression, when the message of same type exceeds the upper limit, it is believed that wireless network interrupts just by extensive aggression The accessing wirelessly of relevant device;
Rogue AP detection module, using the radio reception device for being arranged to monitoring pattern, in real time scan WLAN Equipment, all Dot11 frames are monitored, once noting abnormalities, then interrupt the accessing wirelessly of relevant device;
ARP protection modules, for protecting the ARP of Wireless Communication Equipment to attack, if receiving same source MAC or same The ARP messages of IP address exceed certain threshold value, then it is assumed that attack be present, this MAC Address or IP address are added into attack inspection Survey in list item;
Timing polling module, for auditing at a fixed time and monitor into net flow, propose abnormal flow treatment advice, and it is right It, which is guided, is redirected to viral analog module, while carries out commenting for Network health according to the data real-time monitored Sentence, and evaluation result is sent to host display and Network Abnormal evaluation module;
Viral analog module, for special using analog service and the main-machine communication for producing abnormal flow, extracting attack fingerprint Sign, enrich virus characteristic storehouse;
Virus characteristic matching module, it is special with virus for calculating the virus characteristic fingerprint of monitored main-machine communication packet Zheng Kunei virus characteristic is compared, and comparing result is sent into host display and shown;
Flow statistical module, traffic statistics are carried out using raw data packets header information, with external each of main frame Individual connection carries out traffic statistics for unit, and hash function computing is participated in by extracting communicating pair IP and port numbers characteristic information, The algorithm to be doubled with step-length solves hash-collision, and the accumulative stream connected belonging to the message length field value renewal in packet header Amount;
Network security assessment module, for carrying out network security feelings by the polymorphic response to network anomaly assessment model of foundation The assessment of condition, and assessment result is sent to escape truck module, data isolation shift module;
Escape truck module, the user of main frame is captured for prompting, working environment is adjourned into escape truck and worked on, Need not interruption of work processing safety problem;
Data isolation shift module, for the assessment result drawn according to Network Abnormal evaluation module, data are beaten Bag transfer;
Abnormal behaviour evaluation module, the abnormal behaviour evaluation module are deployed in the main frame in the form of static jar bags On, in the running status of the operation information that each program in main frame is carried out by way of script recording, in real time monitoring current hosts, and Completed according to default algorithm to the assessment for the running state information recorded, assessment result is sent to the mobile end specified End;
Transparent fireproof wall, for analyzing and extracting scanning feature and prevent outer net from scanning.The transparent fireproof wall include into Mouth network interface card, export network interface card and be arranged at the entrance network interface card and export the control network interface card between network interface card, entrance network interface card and outlet Bridge is formed between network interface card, realizes intranet and extranet transparent communication, IP address is configured on control network interface card, for realizing network manager Warning information is carried out log recording by Remote Visit and Control fire wall and fire wall in intranet Web server.
The MAC address authentication system includes
User authentication module, MAC certifications or Portal are carried out to radio reception device based on the identity characteristic information of user Certification;
MAC Address acquisition module, for obtaining the MAC Address of certified radio reception device;
IP address binding module, for the MAC Address of authenticated user entities to be bound with IP address, and store to address Memory module;
Portal authentication modules, for being authenticated to temporary visitor and distributing temporary ip address.
The wireless invasive protection module bag comprises at least two Internet exportations, and one of them is used for temporary ip address The transmission of data, others are used for the transmission of the data of binding IP address.
The viral analog module includes
Virtual responder module, by providing virtual response and providing corresponding Virtual Service, opponent is set to continue attack to obtain Obtain attack traffic;
Analog service module, by performing analog service script, the main frame of immune isolation unit is redirected to flow Interact, simulate the interaction of normal service, make threat main frame continue to attack;
Attack is put on record module, record security isolation module and with the communication information threatened between main frame and writes data Storehouse, the communication information include call duration time, the IP of communicating pair and port information and attacker's operation system fingerprint information;
Data-mining module, if the flow for assert arrival immune isolation unit is dangerous flow, system intelligent extraction is attacked Hit fingerprint characteristic and the feature is stored in immune characteristic storehouse.
Described above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, under the premise without departing from the principles of the invention, some improvements and modifications can also be made, these improvements and modifications also should It is considered as protection scope of the present invention.

Claims (8)

1. network security protection system, it is characterised in that including
Security authentication module, including Dynamic Host Configuration Protocol server, MAC address authentication module and portal authentication modules, the MAC Address are recognized Demonstrate,prove module and the portal authentication modules realized by IMC servers,
Wireless invasive protection module, be up to by constantly monitoring radio reception device AP or wireless controller AC flow come Extensive aggression is detected, when the message of same type exceeds the upper limit, it is believed that wireless network interrupts corresponding just by extensive aggression The accessing wirelessly of equipment;
ARP protection modules, for protecting the ARP of Wireless Communication Equipment to attack, if with receiving same source MAC or same IP The ARP messages of location exceed certain threshold value, then it is assumed that attack be present, this MAC Address or IP address are added into attack detecting table Xiang Zhong;
Timing polling module, for auditing at a fixed time and monitor into net flow, propose abnormal flow treatment advice, and it is entered Row guiding is redirected to viral analog module, while the judge of Network health is carried out according to the data real-time monitored, and Evaluation result is sent to host display and Network Abnormal evaluation module;
Viral analog module, for using analog service and the main-machine communication for producing abnormal flow, extracting attack fingerprint characteristic, filling Real virus characteristic storehouse;
Virus characteristic matching module, for calculating the virus characteristic fingerprint of monitored main-machine communication packet, with virus characteristic storehouse Interior virus characteristic is compared, and comparing result is sent into host display and shown;
Flow statistical module, traffic statistics are carried out using raw data packets header information, with each external company of main frame It is connected in unit and carries out traffic statistics, hash function computing is participated in by extracting communicating pair IP and port numbers characteristic information, with step The algorithm of long multiplication solves hash-collision, and the integrated flow of affiliated connection is updated with the message length field value in packet header;
Network security assessment module, for carrying out network security situation by the polymorphic response to network anomaly assessment model of foundation Assess, and assessment result is sent to escape truck module, data isolation shift module;
Escape truck module, the user of main frame is captured for prompting, working environment is adjourned into escape truck and worked on, it is not necessary to Interruption of work handles safety problem;
Data isolation shift module, for the assessment result drawn according to Network Abnormal evaluation module, data are subjected to packing and turned Move;
Abnormal behaviour evaluation module, for carrying out the operation information of each program in main frame by way of script recording, monitoring in real time The running status of current hosts, and complete, to the assessment for the running state information recorded, to tie assessing according to default algorithm Fruit is sent to the mobile terminal specified.
2. network security protection system as claimed in claim 1, it is characterised in that the MAC address authentication system includes
User authentication module, MAC certifications or Portal certifications are carried out to radio reception device based on the identity characteristic information of user;
MAC Address acquisition module, for obtaining the MAC Address of certified radio reception device;
IP address binding module, for the MAC Address of authenticated user entities to be bound with IP address, and store to address and store Module;
Portal authentication modules, for being authenticated to temporary visitor and distributing temporary ip address.
3. network security protection system as claimed in claim 1, it is characterised in that the wireless invasive protection module bag is at least Including two Internet exportations, one of them is used for the transmission of the data of temporary ip address, and others are used for binding IP address The transmission of data.
4. network security protection system as claimed in claim 1, it is characterised in that the assessment system also includes a transparent fireproof Wall, for analyzing and extracting scanning feature and prevent outer net from scanning.
5. network security protection system as claimed in claim 4, it is characterised in that the transparent fireproof wall includes entrance net Block, export network interface card and be arranged at the entrance network interface card and export the control network interface card between network interface card, entrance network interface card and outlet network interface card Between form bridge, realize intranet and extranet transparent communication, control network interface card on configure IP address, for realizing that network manager is long-range Warning information is carried out log recording by access control fire wall and fire wall in intranet Web server.
6. network security protection system as claimed in claim 1, it is characterised in that the viral analog module includes
Virtual responder module, by providing virtual response and providing corresponding Virtual Service, opponent is set to continue attack to be attacked Hit flow;
Analog service module, by performing analog service script, the main frame that immune isolation unit is redirected to flow is carried out Interaction, simulates the interaction of normal service, makes threat main frame continue to attack;
Attack is put on record module, record security isolation module and with the communication information and write into Databasce threatened between main frame, institute Stating the communication information includes call duration time, the IP of communicating pair and port information and attacker's operation system fingerprint information;
Data-mining module, if the flow for assert arrival immune isolation unit is dangerous flow, the attack of system intelligent extraction refers to The feature is simultaneously stored in immune characteristic storehouse by line feature.
7. network security protection system as claimed in claim 1, it is characterised in that the assessment system also includes a rogue AP and examined Module is surveyed, using the radio reception device for being arranged to monitoring pattern, for the equipment in real time scan WLAN, is monitored all Dot11 frames, once noting abnormalities, then interrupt the accessing wirelessly of relevant device.
8. network security protection system as claimed in claim 1, it is characterised in that the abnormal behaviour evaluation module is with static state The form of jar bags is deployed on the main frame.
CN201710854314.1A 2017-09-20 2017-09-20 Network security protection system Pending CN107493300A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710854314.1A CN107493300A (en) 2017-09-20 2017-09-20 Network security protection system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710854314.1A CN107493300A (en) 2017-09-20 2017-09-20 Network security protection system

Publications (1)

Publication Number Publication Date
CN107493300A true CN107493300A (en) 2017-12-19

Family

ID=60651835

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710854314.1A Pending CN107493300A (en) 2017-09-20 2017-09-20 Network security protection system

Country Status (1)

Country Link
CN (1) CN107493300A (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108011890A (en) * 2017-12-20 2018-05-08 东北电力大学 A kind of information safety of mobile electronic equipment protects system
CN109309680A (en) * 2018-10-09 2019-02-05 山西警察学院 Network security detection method and guard system based on neural network algorithm
CN110058565A (en) * 2019-03-01 2019-07-26 中国电子科技网络信息安全有限公司 A kind of Industry Control PLC system fingerprint analogy method based on (SuSE) Linux OS
CN111885210A (en) * 2020-08-10 2020-11-03 上海上实龙创智能科技股份有限公司 Cloud computing network monitoring system based on end user environment
CN112202773A (en) * 2020-09-29 2021-01-08 安徽斯跑特科技有限公司 Computer network information security monitoring and protection system based on internet
CN112448949A (en) * 2020-11-12 2021-03-05 武汉空格信息技术有限公司 Computer network monitoring system
CN112651021A (en) * 2020-12-23 2021-04-13 湖南工学院 Information security defense system based on big data
CN112671801A (en) * 2021-01-12 2021-04-16 哈尔滨财富通科技发展有限公司 Network security detection method and system
CN112737663A (en) * 2020-12-23 2021-04-30 中国航空工业集团公司西安航空计算技术研究所 Airborne wireless access and transmission safety protection system and method
CN112804230A (en) * 2020-05-12 2021-05-14 上海有孚智数云创数字科技有限公司 Monitoring method, system, equipment and storage medium for distributed denial of service attack
CN112953966A (en) * 2021-03-20 2021-06-11 中原工学院 Computer network safety intrusion detection system
CN114697059A (en) * 2020-12-29 2022-07-01 慧盾信息安全科技(北京)有限公司 Protection system and method for video signaling attack
CN116886370A (en) * 2023-07-19 2023-10-13 广东网安科技有限公司 Protection system for network security authentication

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105429987A (en) * 2015-11-25 2016-03-23 西安科技大学 Security system for computer network
CN105471875A (en) * 2015-11-25 2016-04-06 西安科技大学 Computer network monitoring system
CN105743880A (en) * 2016-01-12 2016-07-06 西安科技大学 Data analysis system
CN105847291A (en) * 2016-05-13 2016-08-10 内蒙古工业大学 Computer network defense decision system
CN106850551A (en) * 2016-12-12 2017-06-13 长春理工大学 Network security risk evaluation and Autonomous Defense system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105429987A (en) * 2015-11-25 2016-03-23 西安科技大学 Security system for computer network
CN105471875A (en) * 2015-11-25 2016-04-06 西安科技大学 Computer network monitoring system
CN105743880A (en) * 2016-01-12 2016-07-06 西安科技大学 Data analysis system
CN105847291A (en) * 2016-05-13 2016-08-10 内蒙古工业大学 Computer network defense decision system
CN106850551A (en) * 2016-12-12 2017-06-13 长春理工大学 Network security risk evaluation and Autonomous Defense system

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108011890A (en) * 2017-12-20 2018-05-08 东北电力大学 A kind of information safety of mobile electronic equipment protects system
CN109309680A (en) * 2018-10-09 2019-02-05 山西警察学院 Network security detection method and guard system based on neural network algorithm
CN110058565A (en) * 2019-03-01 2019-07-26 中国电子科技网络信息安全有限公司 A kind of Industry Control PLC system fingerprint analogy method based on (SuSE) Linux OS
CN112804230A (en) * 2020-05-12 2021-05-14 上海有孚智数云创数字科技有限公司 Monitoring method, system, equipment and storage medium for distributed denial of service attack
CN111885210A (en) * 2020-08-10 2020-11-03 上海上实龙创智能科技股份有限公司 Cloud computing network monitoring system based on end user environment
CN112202773A (en) * 2020-09-29 2021-01-08 安徽斯跑特科技有限公司 Computer network information security monitoring and protection system based on internet
CN112448949A (en) * 2020-11-12 2021-03-05 武汉空格信息技术有限公司 Computer network monitoring system
CN112651021A (en) * 2020-12-23 2021-04-13 湖南工学院 Information security defense system based on big data
CN112737663A (en) * 2020-12-23 2021-04-30 中国航空工业集团公司西安航空计算技术研究所 Airborne wireless access and transmission safety protection system and method
CN114697059A (en) * 2020-12-29 2022-07-01 慧盾信息安全科技(北京)有限公司 Protection system and method for video signaling attack
CN112671801A (en) * 2021-01-12 2021-04-16 哈尔滨财富通科技发展有限公司 Network security detection method and system
CN112671801B (en) * 2021-01-12 2022-10-28 哈尔滨财富通科技发展有限公司 Network security detection method and system
CN112953966A (en) * 2021-03-20 2021-06-11 中原工学院 Computer network safety intrusion detection system
CN116886370A (en) * 2023-07-19 2023-10-13 广东网安科技有限公司 Protection system for network security authentication
CN116886370B (en) * 2023-07-19 2023-12-08 广东网安科技有限公司 Protection system for network security authentication

Similar Documents

Publication Publication Date Title
CN107493300A (en) Network security protection system
CN101980506B (en) Flow characteristic analysis-based distributed intrusion detection method
CN109309680A (en) Network security detection method and guard system based on neural network algorithm
CN109600363B (en) Internet of things terminal network portrait and abnormal network access behavior detection method
CN103905451B (en) System and method for trapping network attack of embedded device of smart power grid
CN107070929A (en) A kind of industry control network honey pot system
CN103905450B (en) Intelligent grid embedded device network check and evaluation system and check and evaluation method
CN105847291A (en) Computer network defense decision system
CN104506385B (en) A kind of software defined network safety situation evaluation method
CN105429977B (en) Deep packet inspection device abnormal flow monitoring method based on comentropy measurement
Yang et al. Intrusion detection system for network security in synchrophasor systems
CN105471875A (en) Computer network monitoring system
KR101375813B1 (en) Active security sensing device and method for intrusion detection and audit of digital substation
CN107646190A (en) Identified using the malice refined net flow of Fourier transformation
CN107637041A (en) The overview of the acquistion of malice refined net flow identification
CN106685984A (en) Network threat analysis system and method based on data pocket capture technology
CN110401624A (en) The detection method and system of source net G system mutual message exception
KR20110070189A (en) Malicious traffic isolation system using botnet infomation and malicious traffic isolation method using botnet infomation
Li et al. Early detection of DDoS based on $\varphi $-entropy in SDN networks
CN107276983A (en) A kind of the traffic security control method and system synchronous with cloud based on DPI
CN104601553A (en) Internet-of-things tampering invasion detection method in combination with abnormal monitoring
CN107612698A (en) A kind of commercial cipher detection method, device and system
CN105743880A (en) Data analysis system
CN106209902A (en) A kind of network safety system being applied to intellectual property operation platform and detection method
CN108076053A (en) A kind of real-time traffic towards wireless internet of things is intercepted and abnormity early warning system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171219

RJ01 Rejection of invention patent application after publication